
Introduction to Incident Response

In this lesson and the two that follow it, we will learn how to deal with situations where things go wrong. We will begin with Incident Response, which is the initial point at which an organization reacts to a situation.

As we will discuss in the video below, when an incident occurs, you no longer have the opportunity to plan for it. You need to have already made a plan and have it ready to go. In the context of cybersecurity, an incident could be as minor as a failed attempt by a hacker to log into your system or as serious as a ransomware attack that brings your business to a halt.


One of the biggest mistakes a company can make is to neglect the importance of having an incident response plan. In this article in Forbes Magazine, members of the Forbes Technology Council provided their tips for maintaining a robust IR plan. The first tip was to take a 'when, not if' approach to your plan and assume an incident is likely to occur. Check out the video below to learn more about the best practices related to Incident Response.

Some other tips mentioned in the Forbes article referenced above reinforce the concepts we covered in the video, including:

  • Tabletop exercises can be a very inexpensive yet effective way to exercise your plan.
  • It's important to frequently review and update your plan. (This is part of the IR Life Cycle.)
  • Your IR team needs to have a multidisciplinary make-up and span key parts of your organization.
  • You should plan to have open communication with your customers. Having a plan for how you will communicate with customers (as well as other key stakeholders) is extremely important and not something you want to figure out on the fly.
  • It is important to make sure there is a hierarchy, so that people know who the incident manager is and what the process for escalation is. How do you know when to declare an incident? If you have not explained that in your plan, your team will not even know how or when to kick off your response.

Up Next

In the next lesson, we will look at Business Continuity. Be sure to answer the questions on the Tasks tab, then click Continue.
